Thursday 16 January 2014

"ACTION REQUIRED: A document has arrived for your review/approval (Document Flow Manager)" spam

This spam with a lengthy subject has a malicious attachment:

Date:      Thu, 16 Jan 2014 09:39:28 -0600 [10:39:28 EST]
From:      "support@salesforce.com" [support@salesforce.com]
Subject:      ACTION REQUIRED: A document has arrived for your review/approval (Document Flow Manager)
Priority:      High Priority 2

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited.

Record ID: HJRQY9PSXBSK334

Supplier: http://[victimdomain.com]

Invoice No.: 5644366804

Document No.: 3319683775

Invoice amount: USD 0488.21

Rejection reason(s): Approval Required
Please find enclosed a record of invoice that could not be processed. We would like to ask you to assist us in resolving the noted rejection reasons. 

Attached is a file SFHJRQY9PSXBSK334.zip, which in turn contains a malicious executable SF.EXE with an icon that makes it look like a PDF file. This file has a very low detection rate at VirusTotal of 2/48. The Malwr analysis shows an attempted connection to centrum.co.id on 75.98.233.44 (Ceranet, US). This is the only site on that server, so blocking either the IP or the domain might be useful.
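The pattern above (a zip attachment that wraps an executable dressed up as a document) is easy to catch at the mail gateway before any icon is ever rendered. The following is an added example, not code from the original post: it builds a constructed message that mimics this spam (the "SF.EXE" inside is a dummy MZ stub, not the real sample) and then lists every zip member that is executable by extension or by header, whatever the file is called.

```python
import email
import io
import os
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions that should never arrive inside a "document" zip at the gateway.
EXEC_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}


def build_sample_message() -> bytes:
    """Constructed message mimicking the spam: a zip attachment holding SF.EXE.
    The member body is a dummy 'MZ' stub, not a real binary."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("SF.EXE", b"MZ" + b"\x00" * 62)
    msg = EmailMessage()
    msg["From"] = '"support@salesforce.com" <support@salesforce.com>'
    msg["Subject"] = ("ACTION REQUIRED: A document has arrived for your "
                      "review/approval (Document Flow Manager)")
    msg.set_content("Please find enclosed a record of invoice that could not be processed.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="SFHJRQY9PSXBSK334.zip")
    return msg.as_bytes()


def executables_in_zip_attachments(raw: bytes) -> list[tuple[str, str]]:
    """Return (attachment name, member name) for every zip member that has an
    executable extension or starts with the PE 'MZ' magic, ignoring icons."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Check the zip magic too, so a renamed ".pdf" wrapper is still inspected.
        if not name.lower().endswith(".zip") and not payload.startswith(b"PK\x03\x04"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for info in zf.infolist():
                    ext = os.path.splitext(info.filename)[1].lower()
                    head = zf.open(info).read(2)
                    if ext in EXEC_EXTS or head == b"MZ":
                        hits.append((name, info.filename))
        except zipfile.BadZipFile:
            hits.append((name, "<corrupt zip>"))  # worth quarantining as well
    return hits
```

Run `executables_in_zip_attachments(build_sample_message())` to see the SF.EXE hit; feeding the same function real `.eml` files from a quarantine folder flags any zip whose contents do not match the "document" story in the subject line.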